I have a Sonicwall TZ100 using Radius that is connecting to a new install of Server 2012 with NPS configured. I've followed exactly what I've done on 2008 in the past and I'm getting errors when I try to connect. The error message is:
Radius Client Authentication Failed (MSCHAP error: E=649 R=0 V=3)
On the server, I have found that NPS authentication is failing with the following message:
Reason Code: 65Reason: The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.
I've found that if I edit the user profile in Active Directory and under a user's Dial-in tab select Allow Access, the error goes away and radius authenticates properly. For some reason the NPS policy isn't granting access properly. Where do I need to go to troubleshoot further why the NPS policy isn't working properly?